MISP vs Wazuh
GitHub Stats
About MISP
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information, and counter-terrorism data. It provides a robust data model for structuring threat data, automatic correlation of attributes and indicators, flexible sharing groups for controlled distribution, and import/export in STIX, OpenIOC, and many other formats. MISP includes a built-in feed system for consuming external threat intelligence, a REST API for automation, and taxonomies and galaxies for consistent classification. It's used by CERTs, SOCs, threat intelligence teams, and law enforcement worldwide as their primary threat intelligence management platform.
About Wazuh
Wazuh is a free, open-source security platform that provides unified XDR (Extended Detection and Response) and SIEM (Security Information and Event Management) capabilities. It consists of an agent deployed on endpoints and a central server that collects, analyzes, and correlates security data. Wazuh performs real-time log analysis, file integrity monitoring, rootkit detection, vulnerability assessment, configuration compliance checking (CIS, PCI DSS, HIPAA, NIST), and active response. It detects threats using rules that correlate events from multiple sources, including endpoint logs, cloud services (AWS, Azure, GCP), containers, and network devices. Wazuh integrates with Elasticsearch and OpenSearch for log storage and visualization, and includes a custom dashboard for security operations. Its open-source nature and comprehensive feature set make it a popular alternative to commercial SIEM solutions.
Platform Support
Tags
MISP only
Wazuh only